Windows Server - ADAM Authentication Failure

Asked By Carl

20-Nov-09 09:52 AM

We have an application which queries ADAM (userProxy) for AD authentication,
however in between we have problems where users cant get autheticated for
reasons unknown. When tried to login using ldp, we get an error "Error
49:ldap_simple_bind_s{} failed:Inavalud Credentials
Server Error:Empty

Not sure whats going wrong...it suddenly stops working. Can you tell me what
to look for?

Windows Server Active Directory Discussions

IfLDP
(1)

UserPrincipalName
(1)

DisplayName
(1)

UserProxy
(1)

Directory
(1)

Inavalud
(1)

Proxies
(1)

Ldp
(1)

Joe Kaplan replied to Carl

20-Nov-09 12:15 PM

Check and see if the event log on the server has more details and also, if
LDP provides a longer error code, that would be helpful.

The first obvious thing to look at is whether the username specified in the
simple bind operation matches a valid username on the userProxy. Depending
on how the proxies are provisioned, this could either be the full DN of the
proxy or the displayName or userPrincipalName attribute values on the proxy.
Note that these are not necessarily the same values in the matching AD
object so this can be confusing.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

Previous Discussion: Perils of Turning Automatic Updates off

GPO's Not Replicating Windows Server

http: / / forums.techarena.in / members / 169993.htm View this thread: http: / / forums.techarena.in / active-directory / 1288776.htm http: / / forums.techarena.in Windows Server Active Directory Discussions Windows Server 2008 R2 (1) Windows Server 2008 (1) Active Directory (1) NetBIOS (1) ProcessingTimeInMilliseconds (1) EventRecordID (1) DNSLint (1) FRSUtil (1) GPResult from GPUpdate and http: / / forums.techarena.in / members / 169993.htm View this thread: http: / / forums.techarena.in / active-directory / 1288776.htm http: / / forums.techarena.in TBaze, Two quick things: 1) Windows Firewall turned on a bit so is likely the cause of a couple of the event log errors. Directory Server Diagnosis Performing initial setup: Trying to find home server. . . * Verifying that the local machine M1CMS001, is a Directory Server. Home Server = M1CMS001 * Connecting to directory service on server M1CMS001. * Identified AD Forest. Collecting AD specific global data * Collecting site info FRS is not running on M1CMS002.testadservs.net. [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers. This

Copying or merging local and domain profiles Windows Server

changed the ProfileImagePath registry key of a new local account to point to the home directory of the domain account I cannot log into. On rebooting I found I could no http: / / forums.techarena.in / members / 50480.htm View this thread: http: / / forums.techarena.in / active-directory / 1345292.htm http: / / forums.techarena.in Windows Server Active Directory Discussions Windows Vista (1) Outlook 2003 (1) Outlook 2007 (1) Windows 7 (1) Outlook (1 http: / / forums.techarena.in / members / 50480.htm View this thread: http: / / forums.techarena.in / active-directory / 1345292.htm http: / / forums.techarena.in Ok, first, Desktop CAN be copied that way, except so others can tell you if its save executing it :) 1) On which harddrive the directory "Users" is saved? (normally C:) 2) Whats the directory name for your old useraccount? (look into the Users directory, name should be RowanB.SSK) 3) Whats the directory name for your new useraccount you are using now and want to use in the

DNS and forward lookup zones Windows Server

http: / / forums.techarena.in / members / 73272.htm View this thread: http: / / forums.techarena.in / active-directory / 1292313.htm http: / / forums.techarena.in Windows Server Active Directory Discussions Active Directory (1) Windows Server (1) ServicesMCTS (1) BergsonMVP (1) CSci (1) Achiever (1) Trainer (1) Month domain from the forest). Keep in mind that there is a big difference between Active Directory domains and DNS domains. Also here is something it might help understanding the role of 10).aspx Regards, Andrei Ungureanu www.itboard.ro www.winadmin.ro Inline - - Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft 2008 & Exchange 2007, MCSE & MCSA 2003 / 2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services If you feel this is an urgent issue and require immediate assistance, please contact com for regional support phone numbers. Thank you all So once the zones are active directory integrated all is automatic. The client register themselves through dhcp server and each domain controller with dns using active directory integrated will have the same records. This one I just tried it and created the

Batch File Problem Windows Server

or batch file" . . . . yet the program cbreak.exe does exist and is in the same directory as the batch file. If I edit the batch file and give the full path the batch file location-dependent. Why does it not find cbreak in it is own directory? Windows 2000 Discussions MyCbreak (1) Nherr1professor2doktor31109 (1) LacdpauseYou (1) Documentsand (1) Windows (1) Oyahoo (1 etc) to the names of those files. The cbreak.exe program along with an output directory and some control parameters. In fact, that part of the batch file seems to work do not understand why that is necessary (since all involved files are in the same directory). Sid, Suggestion: add justt before "cbreak" a la cd pause You need full path to the batch file becomes specific to that location: if I move the files to another directory I have to edit the batch. Incidentally, I did try putting a copy of cbreak multi-boot system (3xOS) using the Windows boot manager and was using the wrong . . . . \ Sytem32 directory when I wrote that. Duh! If the program works fine with a fully qualified path your first suggestion, I notice that command prompt during batch file operation shows the current directory as . . . \ documents and Settings \ <user> . So it seems that if, in the GUI, I open and-drop some files onto the .bat, windows runs said batch file from the user-directory. That strikes me as less than useful. In any event, it seems I can get

Missing one of the "default Password Replication Policy groups" Windows Server

anybody give me a new avenue of exploration? This is a cross post from the Directory Services forum where so far I have had no response http: / / social.technet.microsoft.com / Forums / en-US / winserverDS / thread / 56c72e7e-d367-4c13-85a1-64f1df62e328 Windows Server Active Directory Discussions Small Business Server 2003 R2 (1) Windows Server 2008 R2 (1) Windows Server 2008 1) Windows Server 2003 (1) Microsoft Exchange (1) Active Directory (1) DisableCancelForDnsInstall (1) CopyFilesToTempDirectory (1) James, Back then when you prepared the Schema for Server have on Forest upgrades http: / / www.pbbergs.com / windows / articles / Upgrading_Active_Directory_from_2003_to_2008.htm - - Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft NewsGroup could assist in reading. Most of these logs provide good details. - - Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft See: http: / / technet.microsoft.com / en-us / library / cc732838(WS.10).aspx - - Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft 1553700716-3413723528-2741516094-512 12 / 15 / 09 18:30:44 79231437 Copying files to temp directory C: \ WINDOWS \ temp \ ADP1.tmp 12 / 15 / 09 18:30:44 79231437 CopyFilesToTempDirectory() 12 / 15 fileOp.fAnyOperationsAborted: FALSE 12 / 15 / 09 18:30:49 79236390 Done copying files to temp directory. 12 / 15 / 09 18:30:49 79236390 adprep path: C: \ WINDOWS \ temp \ ADP1.tmp \ adprep